Senior Manager, Information Security Architecture & Engineering

Summary

Join Oportun as a Senior Manager, Information Security Architecture & Engineering, a key leadership role defining and driving security architecture, secure-by-design principles, and vulnerability management. You will partner with engineering and technology teams, oversee vulnerability management, develop security design review services, and act as a security advisor. This role requires strong leadership to manage a team and drive cross-functional collaboration. The ideal candidate fosters a culture of collaboration and high performance, viewing security as a business enabler. Oportun offers a competitive salary and a chance to shape the security strategy of a fast-moving organization.

Requirements

• 10+ years of experience in security architecture, application security, infrastructure security, or related domains
• Strong technical background in cloud security (AWS, Azure, GCP), DevSec Ops, and data security
• Experience leading and developing globally distributed security teams with a focus on professional growth and collaboration
• Proven ability to build and scale security design review services to support secure software development
• Experience designing security controls for data flow pipelines and distributed computing environments
• Hands-on knowledge of secure software development practices, security testing methodologies, and threat modeling
• Strong cross-functional leadership with the ability to communicate security risks effectively to engineering, IT, and business stakeholders
• Deep understanding of security frameworks and regulations (e.g., NIST CSF, PCI-DSS, SOC 2, CIS Controls)
• Bachelor’s degree in computer science, Information Security, or related field; Master's degree preferred

Responsibilities

• Define and maintain secure application and infrastructure architecture frameworks, ensuring security is built-in from the outset
• Partner with engineering, DevOps, and technology teams to integrate security into SDLC, CI/CD, and data pipelines
• Own and oversee the vulnerability management program, ensuring risk-based remediation across all technology assets
• Develop and scale a security design review service, providing structured security assessments for new and evolving systems
• Advocate for security as a service, building tools and processes that streamline secure development and system operations
• Act as a security advisor to engineering, DevOps, and technology operations, ensuring security aligns with business goals
• Collaborate with the Security Governance, Risk, and Compliance (GRC) team to align technical security requirements with regulatory frameworks
• Champion a security-first culture, ensuring teams understand security risks, standards and best practices

Preferred Qualifications

• Expertise in application security testing, threat modeling, bug bounty programs, and software security assessments
• Expertise in identity & access management (IAM), encryption, authentication, logging, and monitoring architectures
• Experience with AWS, GitHub, and leading security solutions
• Security certifications (CISSP, CISM, OSCP, AWS Security Specialty, or similar) preferred

Benefits

• Be a key leader in shaping the security strategy for a fast-moving, technology-driven organization
• Influence security architecture and risk management decisions across diverse technology landscapes
• Work with a highly skilled, cross-functional team of security, engineering, and IT professionals
• Drive security innovation while ensuring strong alignment with regulatory and business objectives
• The US base salary range for this full-time position is $ 160,200 - $ 256,300